module UCB::LDAP
UCB::LDAP
If you are doing searches that don't require a privileged bind and are accessing the default (production) server, you probably don't need to call any of the methods in this module.
Methods in this module are about making connections to the LDAP directory.
Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.
Constants
- HOST_PRODUCTION
Public Class Methods
Give (new) bind credentials to LDAP. An attempt will be made to bind and will raise BindFailedException if bind fails.
Call clear_authentication() to remove privileged bind.

# File lib/ucb_ldap.rb, line 91
def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap() # to force bind()
end

The value of the :auth parameter for Net::LDAP.new.

# File lib/ucb_ldap.rb, line 175
def authentication_information
  password.nil? ?
    { :method => :anonymous } :
    { :method => :simple, :username => username, :password => password }
end

# File lib/ucb_ldap.rb, line 148
def bind(bind_file, environment)
  # FileTest.exist? replaces exists?, which was removed in Ruby 3.2
  raise "Can't find bind file: #{bind_file}" unless FileTest.exist?(bind_file)
  binds = YAML.load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end

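A stricter way to read the same kind of bind file before handing the values to authenticate(), as an added example that is not part of ucb_ldap. The names load_bind_credentials, InsecureBindFile and write_sample_bind_file, the 0600 file-mode policy and the sample DN are assumptions made for illustration.

```ruby
require 'yaml'
require 'tempfile'

# Hypothetical helper, not part of ucb_ldap: returns [username, password] for
# one environment of a YAML bind file, or raises before any bind is attempted.
class InsecureBindFile < StandardError; end

def load_bind_credentials(bind_file, environment)
  raise ArgumentError, "Can't find bind file: #{bind_file}" unless File.exist?(bind_file)

  # Assumed policy: the file holds a password, so group/other get no access.
  mode = File.stat(bind_file).mode & 0o777
  unless (mode & 0o077).zero?
    raise InsecureBindFile, format('%s is mode %04o, expected 0600 or stricter', bind_file, mode)
  end

  # safe_load builds only plain hashes, arrays and scalars, never arbitrary objects.
  binds = YAML.safe_load(File.read(bind_file))
  entry = binds.is_a?(Hash) ? binds[environment] : nil
  raise ArgumentError, "Can't find environment=#{environment} in bind file" unless entry.is_a?(Hash)

  # authentication_information treats only a nil password as anonymous; an empty
  # string would be sent as a simple bind with no password, so reject it here.
  username, password = entry.values_at('username', 'password')
  unless [username, password].all? { |v| v.is_a?(String) && !v.empty? }
    raise ArgumentError, "environment=#{environment} needs a non-empty username and password"
  end
  [username, password]
end

# Constructed sample bind file; the DN and password are placeholders.
SAMPLE_BIND_YAML = <<~YAML
  test:
    username: "uid=example-app,ou=applications,dc=example,dc=edu"
    password: "not-a-real-password"
YAML

def write_sample_bind_file(mode, yaml = SAMPLE_BIND_YAML)
  file = Tempfile.new(['bind', '.yml'])
  file.write(yaml)
  file.flush
  File.chmod(mode, file.path)
  file # caller keeps the reference so the temp file is not unlinked early
end

if __FILE__ == $PROGRAM_NAME
  sample = write_sample_bind_file(0o600)
  username, _password = load_bind_credentials(sample.path, 'test')
  puts "loaded bind credentials for #{username}"
end
```

The returned pair can be passed straight to UCB::LDAP.authenticate(username, password).
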
Removes current bind (username, password).

# File lib/ucb_ldap.rb, line 99
def clear_authentication
  authenticate(nil, nil)
end

Used for testing.

# File lib/ucb_ldap.rb, line 215
def clear_instance_variables
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

Returns LDAP host used for lookups. Default is HOST_PRODUCTION.

# File lib/ucb_ldap.rb, line 106
def host
  @host || HOST_PRODUCTION
end

Setter for host.
Note: validation of host is deferred until a search is performed or authenticate() is called, at which time a bad host will raise ConnectionFailedException.

# File lib/ucb_ldap.rb, line 119
def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

Sets the config values we want to use, but doesn't actually connect to the server.

# File lib/ucb_ldap.rb, line 79
def initialize(username, password, host=HOST_PRODUCTION)
  @username = username
  @password = password
  @host = host
end

Returns true if a simple search over the connection works.

# File lib/ucb_ldap.rb, line 184
def ldap_ping
  search_attrs = {
    :base => "",
    :scope => Net::LDAP::SearchScope_BaseObject,
    :attributes => [1.1]
  }
  result = false
  @net_ldap.search(search_attrs) { result = true }
  result
end

Returns arg as a Ruby Date in local time zone. Returns nil if arg is nil.

# File lib/ucb_ldap.rb, line 158
def local_date_parse(arg)
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

Returns arg as a Ruby DateTime in local time zone. Returns nil if arg is nil.

# File lib/ucb_ldap.rb, line 165
def local_datetime_parse(arg)
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

Returns Net::LDAP instance that is used by UCB::LDAP::Entry and subclasses for directory searches.
You might need this to perform searches not supported by sub-classes of Entry.
Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).

# File lib/ucb_ldap.rb, line 136
def net_ldap
  @net_ldap ||= new_net_ldap
end

Returns new Net::LDAP instance.

# File lib/ucb_ldap.rb, line 198
def new_net_ldap
  params = {
    :host => host,
    :auth => authentication_information,
    :port => 636,
    :encryption => { :method => :simple_tls }
  }
  @net_ldap = Net::LDAP.new(params)
  @net_ldap.bind || raise(BindFailedException)
  @net_ldap
rescue Net::LDAP::Error => e
  raise(BindFailedException)
end

Execute UCB::LDAP commands with a different username and password. Original credentials are restored.

# File lib/ucb_ldap.rb, line 64
def with_credentials(username_to_use, password_to_use)
  original_username = username
  original_password = password
  UCB::LDAP.authenticate(username_to_use, password_to_use)
  yield
ensure
  UCB::LDAP.authenticate(original_username, original_password)
end